Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We
also use these cookies to improve our products and services, support our marketing
campaigns, and advertise to you on our website and other websites. Some cookies may continue
to collect information after you have left our website.
Learn more (including
how to update your settings) here.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the
license provided by that third-party licensor. Splunk is not responsible for any third-party
apps and does not provide any warranty or support. If you have any questions, complaints or
claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Config Explorer

To install your download

For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Config Explorer

Splunk AppInspect Passed

Overview

Details

This app provides a editor interface for viewing and editing Splunk files. It has the following features:

* Code completion and tooltip hinting for '.conf' files (by loading the Splunk '.spec' files)* Code gutter highlights if the line can be found in btool and if it is valid according to spec files* Displays the spec files relevant to your Splunk installation* Diff files* Provides a syntax-highlighted interface to btool, and allows diffing against the currently running config* Embeds the excellent Microsoft Monaco editor (Visual Studio Code) - with three themes* Provides useful developer hooks (bump, debug refresh etc) that can be customised and extended* Optional version control of all changes by committing them to a git repository before and after changes* Works on Linux and Windows (it is quite slow on Windows)

By default, the app is not able to save files, but this can be enabled from the "Settings" link.As this app provides unrestricted access to Splunk files, users must have the "admin" role to see the app.

Important warnings:

This app allows changing of files just like you are on the filesystem; it should be used very carefully in any environment that you care about.

Do not use this app on Search Head clusters to change files becuase it won't sync changes to cluster members

This app does not automatically update the Splunk running config (except for properties like search-time extractions which
Splunk does regularly re-read)

There are no built-in restrictions on viewing secrets files or passwords. Don't make this app available to
users who should not see that sort of thing

There are also no restrictions that prevent editing files in default/ folders. You should follow normal Splunk
best practices and only edit the /local/*.conf files or files in default/ if you are the developer of that app

When performing file operations, this app inherits the permissions of the user account that is running Splunk.

All Splunk apps inherit the permissions of the Splunk user and can do things without your knowing. If
you care about your Splunk instance, you should code review all apps before installing them

Don't run Splunk as root. If you do, this app can allow you to run commands as root which is very dangerous

Please don't waste time trying to get this installed on Splunk Cloud

There is some basic audit logging here:

index=_internal source="*config_explorer.log"

Copyright (C) 2019 Chris Younger
I am a Splunk Professional Services consultant working for JDS Australia (https://www.jds.net.au), in Brisbane Australia.

Using git auto-commit

Before enabling the git auto-complete feature you must first create a git repository somewhere. For example:

$ cd /opt/splunk/etc
$ git init

You will probably also need to set a username and email address for config_explorer to use for commits:

If you wish to use a non-standard git repository location, you can set these environment variables:

export GIT_DIR=/opt/splunk/.git/
export GIT_WORK_TREE=/opt/splunk/

You will need to consider your .gitignore file. If your directory already has .gitignore files in it, you
may instead need to make a .gitignore file that ignores deeper nested .gitignore files.

Finally, if you want to push changes to an external repo, I would recommend you create a script input
to do so, or alternatively, see my custom git app here: https://splunkbase.splunk.com/app/4182/

Locking it down

In order to prevent file editing semi-permanantly, set write_access = false and hide_settings = true.
This will prevent being able to change settings until someone changes files directly on the filesystem.

AppInspect Tooling

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.